Deployed vSphere Replication 5.8.1.3 to a windows 5.5 U3 vCenter and 5.5 ESXi hosts. Only a handful of ESXi hosts (out of 400+) were to be used for replication.
Nearly every hour, the vCenter task pane would be flooded with “Host is configured for vSphere Replication” tasks from com.vmware.vadm.ngc60 for all of the ESXi hosts in the vCenter. Apx task would start once the last 15 ended.
The event logs on a host would show vSphere Replication trying to install the VIB file again.
Sample ESXi host –
Successfully installed 0 VIB(s), removed 0 VIB(s). Please use ‘esxcli software profile get’ or see log for more detail about the transaction. – 5:56:03 PM
Task: Install – 5:56:02 PM
Host is configured for vSphere Replication – 5:08:18 PM
Task: Update SSL thumbprint registry – 5:05:48 PM
Task: Update SSL thumbprint registry – 4:12:08 PM
Successfully installed 1 VIB(s), removed 0 VIB(s). Please use ‘esxcli software profile get’ or see log for more detail about the transaction. – 4:02:12 PM
Firewall configuration has changed. Operation ‘enable’ for rule set dynamicruleset succeeded. – 4:01:55 PM
Firewall configuration has changed. Operation ‘add’ for rule set dynamicruleset succeeded. – 4:01:55 PM
Firewall configuration has changed. Operation ‘remove’ for rule set dynamicruleset succeeded. – 4:01:50 PM
Firewall configuration has changed. Operation ‘enable’ for rule set Replication-to-Cloud Traffic succeeded. – 4:01:50 PM
Firewall configuration has changed. Operation ‘add’ for rule set Replication-to-Cloud Traffic succeeded. – 4:01:50 PM
Task: Install – 4:01:48 PM
The vSphere Replication VM was powered off since the end user impact was the web client was slow during this time of the VIB push and search in the c# client timed out.
VMware KBA 2110304 states ” During boot, the HMS (Host Based Replication Management System) service on the replication appliance, pushes vr2c-firewall.vib to all hosts in the environment. This is to ensure proper firewall ports are opened. After the upgrade, HMS tries to reinstall this vib every time the host connects with vCenter Server, the logs reflect constant re-invocations of the vib download and install.”
The rest of this post will show you how to stop the replication appliance pushing the vr2c-firewall.vib to all hosts in the environment after the “Host is configured for vSphere Replication” task is complete
This demo is for a fresh install of vSphere Replication 6.1.1 + disabling the vr2c-firewall.vib push so that you can control which hosts it is installed & so that the VIB is not re-installed nearly every hour.
Mount the VMware-vSphere_Replication-6.1.1.14190-4595498.iso
Deploy E:binvSphere_Replication_OVF10.ovf
Login to the VAMI webpage :5480 as root.
Click VR/Configuration – The Service is not running.
Open the console of the VR VM. The the following to enable ssh and allow root to login.
vi /etc/ssh/sshd_config
PermitRootLogin = yes
service sshd start
Via a putty session or the the VM console, type this command in:
/opt/vmware/hms/bin/hms-configtool -cmd reconfig -property hms-auto-install-vr2c-vib=false
You can edit /opt/vmware/hms/conf/hms-configuration.xml if you like to make hms-auto-install-vr2c-vib=false vs true
To validate you can run this command returns >false<
/opt/vmware/hms/conf/hms-configuration.xml | grep hms-auto-install
Go back to the the VAMI website. VR/Configuration
Fill in the SSO password and click Save and Restart. Accept the cert popup and 3-5 minutes later the service should be “running” at the bottom.
Any new ESXi host that wants to use the product will have to download and install the VIB.
WinSCP – /opt/vmware/hms/vib/
URL – https://192.168.0.239:8043/vib/vr2c-firewall.vib
SSH into the ESXi host and install the VIB via the URL or location of the VIB on the datastore you placed it on from WinSCP.
esxcli software vib install -v https://192.168.0.239:8043/vib/vr2c-firewall.vib
esxcli software vib install -v “/vmfs/volumes/NVMe/vr2c-firewall.vib”
Validate via this command
esxcli software vib list | grep vr2c
This task will not cause impact to the vcenter end users. It will occur when VRMS is restarted (service hms restart) or the vCenter Virtual Center service is restarted. This will only happen on host that have the VIB installed.
Task: Update SSL thumbprint registry
info
Update SSL thumbprint registry
esxihostname
com.vmware.vcHms
If you already have vSphere Replication powered off since it caused impact; follow these step to stop the VIB from being re-installed. There is not negative consequence of having the vr2c-firewall.vib installed on a host that will not use Replication.
- Take a snapshot of each powered off vapp.
- Un-check the NIC.
- Power on.
- Login at the console
- Type in – /opt/vmware/hms/bin/hms-configtool -cmd reconfig -property hms-auto-install-vr2c-vib=false
- Shut down.
- Enable the NIC
- Power on
- Validate the app
- Confirm no more Update SSL thumbprint registry / install tasks flooding the vcenter
- Remove snapshot
Here is the command to un-install the VIB.
esxcli software vib remove -n vr2c-firewall
